package com.xf.common.security.starter.configure;

import com.xf.common.security.starter.handler.FebsAccessDeniedHandler;
import com.xf.common.security.starter.handler.FebsAuthExceptionEntryPoint;
import com.xf.common.security.starter.handler.PcSecurityExpressionHandler;
import com.xf.common.security.starter.properties.FebsCloudSecurityProperties;
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;

/**
 * @author xufeng
 * <p>
 * 启用基于注释的安全性
 * 开启一些自动配置类
 */
@Slf4j
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableConfigurationProperties(FebsCloudSecurityProperties.class)
@ConditionalOnProperty(value = "febs.cloud.security.enable", havingValue = "true", matchIfMissing = true)
public class SecurityAutoConfigure extends GlobalMethodSecurityConfiguration {

    @Bean
    @ConditionalOnMissingBean(name = "accessDeniedHandler")
    public FebsAccessDeniedHandler accessDeniedHandler() {
        return new FebsAccessDeniedHandler();
    }

    @Bean
    @ConditionalOnMissingBean(name = "authenticationEntryPoint")
    public FebsAuthExceptionEntryPoint authenticationEntryPoint() {
        return new FebsAuthExceptionEntryPoint();
    }

    @Bean
    @ConditionalOnMissingBean(name = "pcSecurityExpressionHandler")
    public PcSecurityExpressionHandler pcSecurityExpressionHandler() {
        return new PcSecurityExpressionHandler();
    }

    /**
     * 密码编码器
     * 委托方式，根据密码的前缀选择对应的encoder，例如：{bcypt}前缀->标识BCYPT算法加密；{noop}->标识不使用任何加密即明文的方式
     */
    @Bean
    @ConditionalOnMissingBean(value = PasswordEncoder.class)
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    @ConditionalOnMissingBean(value = PcSecurityExpressionHandler.class)
    public PcSecurityExpressionHandler expressionHandler() {
        return new PcSecurityExpressionHandler();
    }

    /**
     * feign的拦截器 给头部添加token
     *
     * @return
     */
//    @Bean
//    public RequestInterceptor oauth2FeignRequestInterceptor() {
//        return requestTemplate -> {
//            String authorizationToken = FebsUtil.getCurrentTokenValue();
//            if (StringUtils.isNotBlank(authorizationToken)) {
//                requestTemplate.header(HttpHeaders.AUTHORIZATION, FebsConstant.OAUTH2_TOKEN_TYPE + authorizationToken);
//            }
//        };
//    }

    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        return new OAuth2MethodSecurityExpressionHandler();
    }
}
